For your eyes only (please)

By the Webroot Threat Team

Have you ever had the queasy experience of sending a message to someone that you’d rather not have anyone else see, and then hoping that it won’t get passed along? A new system developed by Internet law and security researchers aims to solve the problem, with a light-handed touch.

The Stanford Center for Internet and Society has launched Privicons, an email privacy tool that it describes as a ‘user-to-user’ solution. There are no policy servers, crypto algorithms, or software enforcement agents to worry about. Instead, it relies on good old-fashioned icons.

Webmail users who install the Privicons plugin can choose from a selection of icons that are then pasted into their mail. Each of the icons represents a specific request concerning how the information in the mail is treated. The icons are as follows:

‘Keep private’: Don’t pass on the information, or identify the sender.

‘Keep anonymous’: Use the information freely, but don’t tell anyone who sent it to you.

‘Don’t print’: This can be for environmental or security reasons.

‘Delete after reading/X days’: Delete the information to avoid it falling into the wrong hands.

‘Keep internal’: Keep it among a close circle of people.

‘Please share’: Distribute freely.

Representatives for the project specifically define this as a signal- versus code-based approach to email privacy. The underlying principle is that they’re easy to include in an email as a simple way to indicate the way that you’d like your content and your identity to be treated, but that they cannot be technically enforced. This approach acknowledges that once a mail arrives with a recipient, it is up to them what they do with it. You’re essentially relying on them to be a good egg.

Even the full text describing the purpose of each icon makes this clear. For example, the text associated with the ‘Keep internal’ icon reads:

“The judgment of whether a person is within such a circle belongs solely to the recipient, unless the sender chooses to clarify which group is acceptable.”

This idea of asking rather than enforcing email privacy has led to a discussion about whether icons that aren’t legally or technically enforceable are worthwhile.

On the one hand, this is unlikely to satisfy compliance officers. On the other hand, it is a lot more workable than more stringent technical approaches that use digital rights management to enforce email privacy. These systems enable you to set rules about who reads your content and what happens to attachments that are then enforced by the recipient’s email software. But they are usually locked down to a particular vendor’s system, making it difficult, say, to enforce via webmail. And what happens if you want to enforce such email privacy solutions on a contractor’s Mac, when the rules were set up on Exchange, via a PC running Outlook?

The Privicons team has proposed the system officially to the Internet Engineering Task Force. As a stopgap for the technologically challenged that promote the use of heterogeneous email clients, they’re a potentially useful tool.

But there are other measures, providing more effective protection. In whistleblowing situations, and other scenarios where you must protect your content and your identity for unusual reasons, you can encrypt your sensitive content and provide access credentials via a separate channel. And anonymous remailers can also help you shield your identity.

But in the 99% of cases where the situation isn’t as critical, perhaps the solutions are even more simpler:

Never mail anyone anything that you wouldn’t want your mother to see.

Never mail anything saying anything about a third party that you wouldn’t want that third party to read.